How to configure a home wireless network to ensure that it is sufficiently secured and at the same time its usability is not restricted?

EDIT

Just to clarify, by "usability is not restricted" I meant that the security settings applied do not cause more problems than benefits. For example, if the encryption chosen is only supported by a limited number of devices and you end up not being able to connect your network player, etc.

+1 all in the list, and firewall. I believe current Linux/Firewalls on consumer routers are stateful, so they generally allow traffic out, and ONLY allow traffic into your network that is related to an earlier 'out' traffic. I would also add keeping software updated, and antivirus++ tools etc.
– samt Jul 28 '09 at 14:31

Apart from the usual stuff like using WPA2 encryption, remember to change your password/key periodically. Also if supported by your wifi router, use WPA-PSK.
But always remember, a wifi network cannot be 100% secure.

Under the assumption that you do NOT intend to use an encryption scheme (WEP or WPA):

Turn off SSID discoverability on the router

Change the default router name to something unique to you (your SSID)

Use MAC address filtering (see note below)

Additionally, if you know the MAC addresses of all the computers you intend to allow on the network, you can enable MAC filtering and only allow those computers to connect to your router.

If, however, using WEP and WPA is an option for you, WPA is the preferred encryption scheme, but there are multiple versions. Which scheme you can use will depend on your router.

I would still, personally, disable SSID discoverability after you initially connect all your devices to your network. I would also change the default SSID on your router. However, I wouldn't bother with MAC filtering if you were going to use WPA encryption.

UPDATE

In response to your recent modifications to your question I would go with the following configuration:

Configure WPA or WEP on your router

Change your default router name to something unique to you (SSID)

Connect all your home devices to your network with SSID discoverability ON

Turn off SSID Discoverability

In the event that you need to connect another device in the future you have two options

Try to connect to the network by specifying the SSID (this is a trivial task for a computer, but not so trivial for something like a cell phone possibly)

If you can't specify the SSID, enable discoverability again on the router, connect to the network, then disable once discovered.

I do not agree. SSID discoverability is not an issue these days.
– Yuval A May 1 '09 at 12:09

He indicated that he wanted his wireless network to be "not restricted", which I took as not using an encryption key such as WEP or WPA. Perhaps I interpreted the question incorrectly, but if I didn't then discoverability, I think, is therefore an issue.
– Joseph May 1 '09 at 12:12

@Joseph, thanks for the good points. I am sorry if I was a bit misleading with the "not restricted". I will update the question to clarify it a bit more.
– kristof May 1 '09 at 13:38

And actually I like the idea of turning off the SSID discoverability. Is that effective?
– kristof May 1 '09 at 13:55

It can help mitigate war driving, which is when people drive around looking for networks to join. If you're using WPA or WEP, that's not as much of an issue, because they can't get in anyway, but that doesn't stop someone from trying. If they can't see your network, then it adds a magnitude of complexity to ascertain if your network even exists.
– Joseph May 1 '09 at 14:26

If you buy the right Wifi Router, then you can get safety and convenience together. The DLink DIR-655 (and I think the Airport Extreme) have the ability to set up a second guest network. With this, you can set the main network to WPA2 with all the fixings. Then for consumer electronics that don't support the latest standards, set up the "guest" network with WPA. There is another option in the Dlink (on the Advanced tab, Guest Zone) called Enable routing between zones. If this is unchecked, then machines on the guest network will bypass the rest of your internal network and only be able to reach the internet at large.

I think turning off SSID discoverability is overrated, and conflicts with the "usability not restricted" part of the original post. My opinion is that if your router is properly secured, having a discoverable SSID isn't an issue, and usability especially with non-computer devices is much better if you can see the SSID.

In addition to the other suggestions, don't bother with MAC filtering -- it's only good for preventing accidental connections to your access point. Same with WEP; although it is a form of encryption it's trivial to bypass these days.

So what exactly are you suggesting to do? If I read you right, the only thing to do is to change the SSID.
– lc. May 1 '09 at 12:16

On the discoverability issue, I think it's a personal preference and largely depends on your environment. I personally have my discoverability on initially and connect all my devices to the router, after which I turn it off, so as to mitigate war driving issues. I would, however, agree, that having WPA encryption is by far the best route to go. I don't use MAC filtering, either, but I assumed what he meant by "not restricted" was to not use an encryption key, but I might have misunderstood the question.
– Joseph May 1 '09 at 12:18

And enable WPA. Which makes the thing harder to use. Love the tradeoffs.
– womble May 1 '09 at 12:19

MAC filtering is useless as anybody could sniff the "handshake" when your laptop and the router exchange the MAC address.
– Flo May 1 '09 at 12:24

@lc: I'm not suggesting anything that hasn't already been suggested; that's why I said "in addition to the other suggestions." I just wanted to add another opinion on the SSID and some thoughts on the uselessness of MAC filtering and WEP in case the OP was considering those. I've been surprised by the number of people that still think those are viable options for securing their network.
– Mike Powell May 1 '09 at 14:29
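
The settings debated in this thread (WEP versus WPA/WPA2, default SSID, hidden SSID, MAC filtering), checked by a small audit script. This is an added example, not code from any poster; it assumes the access point settings are available as hostapd-style `key=value` lines, and both sample configs and the default-SSID list are constructed for illustration.

```python
# Added example: audit hostapd-style access point settings.
# Both configs are constructed samples, not taken from a real router.
WEAK = """
ssid=dlink
ignore_broadcast_ssid=1
macaddr_acl=1
wep_default_key=0
wep_key0=1234567890
"""
HARDENED = """
ssid=maple-street-42
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=constructed-sample-passphrase
"""
DEFAULT_SSIDS = {"dlink", "linksys", "netgear", "default"}  # illustrative list

def parse(text):
    """Turn key=value lines into a dict, skipping blanks and # comments."""
    pairs = (l.split("=", 1) for l in text.splitlines()
             if "=" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def audit(text):
    """Return (severity, message) findings for one config."""
    c, out = parse(text), []
    wpa = int(c.get("wpa", "0"))  # hostapd bitfield: 1 = WPA, 2 = WPA2
    ciphers = (c.get("wpa_pairwise", "") + " " + c.get("rsn_pairwise", "")).split()
    if wpa == 0:
        mode = "WEP" if any(k.startswith("wep_key") for k in c) else "open network"
        out.append(("high", mode + ": switch to WPA2 (wpa=2)"))
    elif wpa & 1:
        out.append(("medium", "WPA v1 enabled: limit it to an isolated guest network"))
    if "TKIP" in ciphers:
        out.append(("medium", "TKIP offered: prefer CCMP"))
    if c.get("ssid", "").lower() in DEFAULT_SSIDS:
        out.append(("low", "default SSID: pick a unique name"))
    if c.get("ignore_broadcast_ssid", "0") != "0" and wpa == 0:
        out.append(("info", "hidden SSID does not replace encryption"))
    if c.get("macaddr_acl", "0") != "0" and wpa == 0:
        out.append(("info", "MAC filtering does not replace encryption"))
    return out

if __name__ == "__main__":
    for name, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(conf) or "no findings")
```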